Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-07-05 15:40:30.0

How do I setup an Entrust SSL certificate on Kerio Mail Server?

Article Number: 43311

Before you Begin

Testing for this guide was performed on a MAC OS X Tiger Server.
Please note: Kerio MailServer does not support server-side intermediate certificates. Entrust does NOT use intermediate certificates for standard or advantage type certificates.

Keypair and CSR generation

  • From the Administration Console, locate the Configuration/SSL Certificates dialog.
    Select New -> Certificate Request.
  • Supply all information. Note: The 'Hostname' (external DNS of the site) MUST resolve to the IP address of your Kerio MailServer in order for the certificate to work.
  • View the request file by selecting the request, and Show -> request. The request information will appear in a separate window.

Server Certificate Installation

Once you have received the certificate in X.509 base-64 encoded format, this exact information must be saved as *.crt to some location on the local hard drive.

  • Locate the /sslcert directory.
     OSX: /usr/local/kerio/mailserver
     Windows: C:/program files/kerio/mailserver
     Red Hat: /opt/kerio/mailserver
  • Locate the *.csr file. This is the request file, it should be named something like server1.csr.
  • Copy the signed certificate into this directory using the same name as the request file, but with the .crt extension. For example server1.crt.

At this point, you should have three files: the request (*.csr), the private key (*.key), and the certificate (*.crt). All files should have the same name, for example server1.csr, server1.key and server1.crt.

Enabling SSL

  • Restart Kerio MailServer and reconnect to the administration console.
  • In Configuration/SSL Certificates, select the new certificate and choose the 'set as active' button in the bottom right corner.
  • Restart the Kerio MailServer service to activate the new signed certificate.

Disaster Recovery

Once you have completed this procedure, create a backup copy of the sslcert directory and save it to external media.  If you loose the private key, it will be necessary to generate a new request and repeat this process.

TN6974

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable